@nervekit/tools 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (267) hide show
  1. package/LICENSE +201 -0
  2. package/NOTICE +5 -0
  3. package/dist/catalog/core/filesystem.tools.d.ts +140 -0
  4. package/dist/catalog/core/filesystem.tools.d.ts.map +1 -0
  5. package/dist/catalog/core/filesystem.tools.js +221 -0
  6. package/dist/catalog/core/filesystem.tools.js.map +1 -0
  7. package/dist/catalog/core/interaction.tools.d.ts +37 -0
  8. package/dist/catalog/core/interaction.tools.d.ts.map +1 -0
  9. package/dist/catalog/core/interaction.tools.js +55 -0
  10. package/dist/catalog/core/interaction.tools.js.map +1 -0
  11. package/dist/catalog/core/python.tools.d.ts +17 -0
  12. package/dist/catalog/core/python.tools.d.ts.map +1 -0
  13. package/dist/catalog/core/python.tools.js +32 -0
  14. package/dist/catalog/core/python.tools.js.map +1 -0
  15. package/dist/catalog/core/shell.tools.d.ts +14 -0
  16. package/dist/catalog/core/shell.tools.d.ts.map +1 -0
  17. package/dist/catalog/core/shell.tools.js +22 -0
  18. package/dist/catalog/core/shell.tools.js.map +1 -0
  19. package/dist/catalog/core/web.tools.d.ts +23 -0
  20. package/dist/catalog/core/web.tools.d.ts.map +1 -0
  21. package/dist/catalog/core/web.tools.js +34 -0
  22. package/dist/catalog/core/web.tools.js.map +1 -0
  23. package/dist/catalog/descriptors.d.ts +4 -0
  24. package/dist/catalog/descriptors.d.ts.map +1 -0
  25. package/dist/catalog/descriptors.js +17 -0
  26. package/dist/catalog/descriptors.js.map +1 -0
  27. package/dist/catalog/index.d.ts +18 -0
  28. package/dist/catalog/index.d.ts.map +1 -0
  29. package/dist/catalog/index.js +44 -0
  30. package/dist/catalog/index.js.map +1 -0
  31. package/dist/catalog/orchestration/explore.tools.d.ts +20 -0
  32. package/dist/catalog/orchestration/explore.tools.d.ts.map +1 -0
  33. package/dist/catalog/orchestration/explore.tools.js +42 -0
  34. package/dist/catalog/orchestration/explore.tools.js.map +1 -0
  35. package/dist/catalog/orchestration/plan-mode.tools.d.ts +32 -0
  36. package/dist/catalog/orchestration/plan-mode.tools.d.ts.map +1 -0
  37. package/dist/catalog/orchestration/plan-mode.tools.js +43 -0
  38. package/dist/catalog/orchestration/plan-mode.tools.js.map +1 -0
  39. package/dist/catalog/orchestration/process.tools.d.ts +68 -0
  40. package/dist/catalog/orchestration/process.tools.d.ts.map +1 -0
  41. package/dist/catalog/orchestration/process.tools.js +96 -0
  42. package/dist/catalog/orchestration/process.tools.js.map +1 -0
  43. package/dist/catalog/orchestration/subagent.tools.d.ts +16 -0
  44. package/dist/catalog/orchestration/subagent.tools.d.ts.map +1 -0
  45. package/dist/catalog/orchestration/subagent.tools.js +25 -0
  46. package/dist/catalog/orchestration/subagent.tools.js.map +1 -0
  47. package/dist/catalog/orchestration/task.tools.d.ts +107 -0
  48. package/dist/catalog/orchestration/task.tools.d.ts.map +1 -0
  49. package/dist/catalog/orchestration/task.tools.js +170 -0
  50. package/dist/catalog/orchestration/task.tools.js.map +1 -0
  51. package/dist/catalog/risk.d.ts +3 -0
  52. package/dist/catalog/risk.d.ts.map +1 -0
  53. package/dist/catalog/risk.js +29 -0
  54. package/dist/catalog/risk.js.map +1 -0
  55. package/dist/catalog/types.d.ts +14 -0
  56. package/dist/catalog/types.d.ts.map +1 -0
  57. package/dist/catalog/types.js +2 -0
  58. package/dist/catalog/types.js.map +1 -0
  59. package/dist/definitions.d.ts +2 -0
  60. package/dist/definitions.d.ts.map +1 -0
  61. package/dist/definitions.js +2 -0
  62. package/dist/definitions.js.map +1 -0
  63. package/dist/execution/atomic-write.d.ts +2 -0
  64. package/dist/execution/atomic-write.d.ts.map +1 -0
  65. package/dist/execution/atomic-write.js +7 -0
  66. package/dist/execution/atomic-write.js.map +1 -0
  67. package/dist/execution/bash.d.ts +3 -0
  68. package/dist/execution/bash.d.ts.map +1 -0
  69. package/dist/execution/bash.js +133 -0
  70. package/dist/execution/bash.js.map +1 -0
  71. package/dist/execution/common/args.d.ts +2 -0
  72. package/dist/execution/common/args.d.ts.map +1 -0
  73. package/dist/execution/common/args.js +6 -0
  74. package/dist/execution/common/args.js.map +1 -0
  75. package/dist/execution/common/output-budget.d.ts +61 -0
  76. package/dist/execution/common/output-budget.d.ts.map +1 -0
  77. package/dist/execution/common/output-budget.js +140 -0
  78. package/dist/execution/common/output-budget.js.map +1 -0
  79. package/dist/execution/common/process-result.d.ts +44 -0
  80. package/dist/execution/common/process-result.d.ts.map +1 -0
  81. package/dist/execution/common/process-result.js +322 -0
  82. package/dist/execution/common/process-result.js.map +1 -0
  83. package/dist/execution/common/search-utils.d.ts +8 -0
  84. package/dist/execution/common/search-utils.d.ts.map +1 -0
  85. package/dist/execution/common/search-utils.js +110 -0
  86. package/dist/execution/common/search-utils.js.map +1 -0
  87. package/dist/execution/common/tool-error.d.ts +8 -0
  88. package/dist/execution/common/tool-error.d.ts.map +1 -0
  89. package/dist/execution/common/tool-error.js +14 -0
  90. package/dist/execution/common/tool-error.js.map +1 -0
  91. package/dist/execution/common/truncate.d.ts +27 -0
  92. package/dist/execution/common/truncate.d.ts.map +1 -0
  93. package/dist/execution/common/truncate.js +108 -0
  94. package/dist/execution/common/truncate.js.map +1 -0
  95. package/dist/execution/common.d.ts +2 -0
  96. package/dist/execution/common.d.ts.map +1 -0
  97. package/dist/execution/common.js +6 -0
  98. package/dist/execution/common.js.map +1 -0
  99. package/dist/execution/core-dispatch.d.ts +4 -0
  100. package/dist/execution/core-dispatch.d.ts.map +1 -0
  101. package/dist/execution/core-dispatch.js +58 -0
  102. package/dist/execution/core-dispatch.js.map +1 -0
  103. package/dist/execution/dispatch.d.ts +4 -0
  104. package/dist/execution/dispatch.d.ts.map +1 -0
  105. package/dist/execution/dispatch.js +54 -0
  106. package/dist/execution/dispatch.js.map +1 -0
  107. package/dist/execution/edit.d.ts +9 -0
  108. package/dist/execution/edit.d.ts.map +1 -0
  109. package/dist/execution/edit.js +175 -0
  110. package/dist/execution/edit.js.map +1 -0
  111. package/dist/execution/file-mutation-queue.d.ts +2 -0
  112. package/dist/execution/file-mutation-queue.d.ts.map +1 -0
  113. package/dist/execution/file-mutation-queue.js +19 -0
  114. package/dist/execution/file-mutation-queue.js.map +1 -0
  115. package/dist/execution/filesystem/atomic-write.d.ts +2 -0
  116. package/dist/execution/filesystem/atomic-write.d.ts.map +1 -0
  117. package/dist/execution/filesystem/atomic-write.js +7 -0
  118. package/dist/execution/filesystem/atomic-write.js.map +1 -0
  119. package/dist/execution/filesystem/edit-args.d.ts +46 -0
  120. package/dist/execution/filesystem/edit-args.d.ts.map +1 -0
  121. package/dist/execution/filesystem/edit-args.js +212 -0
  122. package/dist/execution/filesystem/edit-args.js.map +1 -0
  123. package/dist/execution/filesystem/edit-errors.d.ts +4 -0
  124. package/dist/execution/filesystem/edit-errors.d.ts.map +1 -0
  125. package/dist/execution/filesystem/edit-errors.js +8 -0
  126. package/dist/execution/filesystem/edit-errors.js.map +1 -0
  127. package/dist/execution/filesystem/edit.d.ts +4 -0
  128. package/dist/execution/filesystem/edit.d.ts.map +1 -0
  129. package/dist/execution/filesystem/edit.js +330 -0
  130. package/dist/execution/filesystem/edit.js.map +1 -0
  131. package/dist/execution/filesystem/file-mutation-queue.d.ts +2 -0
  132. package/dist/execution/filesystem/file-mutation-queue.d.ts.map +1 -0
  133. package/dist/execution/filesystem/file-mutation-queue.js +19 -0
  134. package/dist/execution/filesystem/file-mutation-queue.js.map +1 -0
  135. package/dist/execution/filesystem/find.d.ts +3 -0
  136. package/dist/execution/filesystem/find.d.ts.map +1 -0
  137. package/dist/execution/filesystem/find.js +93 -0
  138. package/dist/execution/filesystem/find.js.map +1 -0
  139. package/dist/execution/filesystem/legacy-edit.d.ts +9 -0
  140. package/dist/execution/filesystem/legacy-edit.d.ts.map +1 -0
  141. package/dist/execution/filesystem/legacy-edit.js +122 -0
  142. package/dist/execution/filesystem/legacy-edit.js.map +1 -0
  143. package/dist/execution/filesystem/list.d.ts +3 -0
  144. package/dist/execution/filesystem/list.d.ts.map +1 -0
  145. package/dist/execution/filesystem/list.js +49 -0
  146. package/dist/execution/filesystem/list.js.map +1 -0
  147. package/dist/execution/filesystem/path.d.ts +7 -0
  148. package/dist/execution/filesystem/path.d.ts.map +1 -0
  149. package/dist/execution/filesystem/path.js +69 -0
  150. package/dist/execution/filesystem/path.js.map +1 -0
  151. package/dist/execution/filesystem/read.d.ts +3 -0
  152. package/dist/execution/filesystem/read.d.ts.map +1 -0
  153. package/dist/execution/filesystem/read.js +225 -0
  154. package/dist/execution/filesystem/read.js.map +1 -0
  155. package/dist/execution/filesystem/search.d.ts +3 -0
  156. package/dist/execution/filesystem/search.d.ts.map +1 -0
  157. package/dist/execution/filesystem/search.js +149 -0
  158. package/dist/execution/filesystem/search.js.map +1 -0
  159. package/dist/execution/filesystem/smart-match.d.ts +31 -0
  160. package/dist/execution/filesystem/smart-match.d.ts.map +1 -0
  161. package/dist/execution/filesystem/smart-match.js +309 -0
  162. package/dist/execution/filesystem/smart-match.js.map +1 -0
  163. package/dist/execution/filesystem/text-editing.d.ts +9 -0
  164. package/dist/execution/filesystem/text-editing.d.ts.map +1 -0
  165. package/dist/execution/filesystem/text-editing.js +43 -0
  166. package/dist/execution/filesystem/text-editing.js.map +1 -0
  167. package/dist/execution/filesystem/write.d.ts +3 -0
  168. package/dist/execution/filesystem/write.d.ts.map +1 -0
  169. package/dist/execution/filesystem/write.js +21 -0
  170. package/dist/execution/filesystem/write.js.map +1 -0
  171. package/dist/execution/find.d.ts +3 -0
  172. package/dist/execution/find.d.ts.map +1 -0
  173. package/dist/execution/find.js +90 -0
  174. package/dist/execution/find.js.map +1 -0
  175. package/dist/execution/index.d.ts +18 -0
  176. package/dist/execution/index.d.ts.map +1 -0
  177. package/dist/execution/index.js +17 -0
  178. package/dist/execution/index.js.map +1 -0
  179. package/dist/execution/list.d.ts +3 -0
  180. package/dist/execution/list.d.ts.map +1 -0
  181. package/dist/execution/list.js +46 -0
  182. package/dist/execution/list.js.map +1 -0
  183. package/dist/execution/path.d.ts +7 -0
  184. package/dist/execution/path.d.ts.map +1 -0
  185. package/dist/execution/path.js +69 -0
  186. package/dist/execution/path.js.map +1 -0
  187. package/dist/execution/python/python.d.ts +3 -0
  188. package/dist/execution/python/python.d.ts.map +1 -0
  189. package/dist/execution/python/python.js +566 -0
  190. package/dist/execution/python/python.js.map +1 -0
  191. package/dist/execution/python/runtime.d.ts +22 -0
  192. package/dist/execution/python/runtime.d.ts.map +1 -0
  193. package/dist/execution/python/runtime.js +178 -0
  194. package/dist/execution/python/runtime.js.map +1 -0
  195. package/dist/execution/read.d.ts +3 -0
  196. package/dist/execution/read.d.ts.map +1 -0
  197. package/dist/execution/read.js +97 -0
  198. package/dist/execution/read.js.map +1 -0
  199. package/dist/execution/search-utils.d.ts +8 -0
  200. package/dist/execution/search-utils.d.ts.map +1 -0
  201. package/dist/execution/search-utils.js +110 -0
  202. package/dist/execution/search-utils.js.map +1 -0
  203. package/dist/execution/search.d.ts +3 -0
  204. package/dist/execution/search.d.ts.map +1 -0
  205. package/dist/execution/search.js +131 -0
  206. package/dist/execution/search.js.map +1 -0
  207. package/dist/execution/shell/bash.d.ts +3 -0
  208. package/dist/execution/shell/bash.d.ts.map +1 -0
  209. package/dist/execution/shell/bash.js +134 -0
  210. package/dist/execution/shell/bash.js.map +1 -0
  211. package/dist/execution/truncate.d.ts +21 -0
  212. package/dist/execution/truncate.d.ts.map +1 -0
  213. package/dist/execution/truncate.js +94 -0
  214. package/dist/execution/truncate.js.map +1 -0
  215. package/dist/execution/web/web-fetch.d.ts +3 -0
  216. package/dist/execution/web/web-fetch.d.ts.map +1 -0
  217. package/dist/execution/web/web-fetch.js +132 -0
  218. package/dist/execution/web/web-fetch.js.map +1 -0
  219. package/dist/execution/web/web-search.d.ts +3 -0
  220. package/dist/execution/web/web-search.d.ts.map +1 -0
  221. package/dist/execution/web/web-search.js +59 -0
  222. package/dist/execution/web/web-search.js.map +1 -0
  223. package/dist/execution/web-fetch.d.ts +3 -0
  224. package/dist/execution/web-fetch.d.ts.map +1 -0
  225. package/dist/execution/web-fetch.js +132 -0
  226. package/dist/execution/web-fetch.js.map +1 -0
  227. package/dist/execution/web-search.d.ts +3 -0
  228. package/dist/execution/web-search.d.ts.map +1 -0
  229. package/dist/execution/web-search.js +59 -0
  230. package/dist/execution/web-search.js.map +1 -0
  231. package/dist/execution/write.d.ts +3 -0
  232. package/dist/execution/write.d.ts.map +1 -0
  233. package/dist/execution/write.js +21 -0
  234. package/dist/execution/write.js.map +1 -0
  235. package/dist/index.d.ts +9 -0
  236. package/dist/index.d.ts.map +1 -0
  237. package/dist/index.js +11 -0
  238. package/dist/index.js.map +1 -0
  239. package/dist/safety/command-policy-git.d.ts +2 -0
  240. package/dist/safety/command-policy-git.d.ts.map +1 -0
  241. package/dist/safety/command-policy-git.js +88 -0
  242. package/dist/safety/command-policy-git.js.map +1 -0
  243. package/dist/safety/command-policy-options.d.ts +6 -0
  244. package/dist/safety/command-policy-options.d.ts.map +1 -0
  245. package/dist/safety/command-policy-options.js +112 -0
  246. package/dist/safety/command-policy-options.js.map +1 -0
  247. package/dist/safety/command-policy-packages.d.ts +4 -0
  248. package/dist/safety/command-policy-packages.d.ts.map +1 -0
  249. package/dist/safety/command-policy-packages.js +161 -0
  250. package/dist/safety/command-policy-packages.js.map +1 -0
  251. package/dist/safety/command-policy-parser.d.ts +11 -0
  252. package/dist/safety/command-policy-parser.d.ts.map +1 -0
  253. package/dist/safety/command-policy-parser.js +121 -0
  254. package/dist/safety/command-policy-parser.js.map +1 -0
  255. package/dist/safety/command-policy-wrappers.d.ts +6 -0
  256. package/dist/safety/command-policy-wrappers.d.ts.map +1 -0
  257. package/dist/safety/command-policy-wrappers.js +95 -0
  258. package/dist/safety/command-policy-wrappers.js.map +1 -0
  259. package/dist/safety/command-policy.d.ts +6 -0
  260. package/dist/safety/command-policy.d.ts.map +1 -0
  261. package/dist/safety/command-policy.js +118 -0
  262. package/dist/safety/command-policy.js.map +1 -0
  263. package/dist/types.d.ts +78 -0
  264. package/dist/types.d.ts.map +1 -0
  265. package/dist/types.js +2 -0
  266. package/dist/types.js.map +1 -0
  267. package/package.json +48 -0
@@ -0,0 +1,3 @@
1
+ import type { ToolExecutionContext, ToolExecutionResult } from "../types.js";
2
+ export declare function executeWebSearch(args: Record<string, unknown>, context: ToolExecutionContext): Promise<ToolExecutionResult>;
3
+ //# sourceMappingURL=web-search.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"web-search.d.ts","sourceRoot":"","sources":["../../src/execution/web-search.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAmC7E,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,mBAAmB,CAAC,CAoD9B"}
@@ -0,0 +1,59 @@
1
+ import { numberArg } from "./common.js";
2
+ function stringArg(value, name) {
3
+ if (typeof value !== "string" || value.trim().length === 0) {
4
+ throw new Error(`${name} must be a non-empty string.`);
5
+ }
6
+ return value;
7
+ }
8
+ function maxResultsArg(value) {
9
+ const parsed = numberArg(value, 5);
10
+ return Math.min(20, Math.max(1, parsed));
11
+ }
12
+ function timeoutSignal(signal, milliseconds) {
13
+ const timeout = AbortSignal.timeout(milliseconds);
14
+ return signal ? AbortSignal.any([signal, timeout]) : timeout;
15
+ }
16
+ export async function executeWebSearch(args, context) {
17
+ const query = stringArg(args.query, "query");
18
+ const maxResults = maxResultsArg(args.max_results);
19
+ const apiKey = (await context.getApiKey?.("tavily")) ?? process.env.TAVILY_API_KEY;
20
+ if (!apiKey) {
21
+ throw new Error("Tavily API key is not configured. Configure provider 'tavily' in Nerve or set TAVILY_API_KEY.");
22
+ }
23
+ const response = await fetch("https://api.tavily.com/search", {
24
+ method: "POST",
25
+ headers: { "Content-Type": "application/json" },
26
+ body: JSON.stringify({
27
+ api_key: apiKey,
28
+ query,
29
+ max_results: maxResults,
30
+ include_answer: true,
31
+ }),
32
+ signal: timeoutSignal(context.signal, 60_000),
33
+ });
34
+ if (!response.ok) {
35
+ throw new Error(`Tavily API error: ${response.status} ${await response.text()}`);
36
+ }
37
+ const data = (await response.json());
38
+ const results = Array.isArray(data.results) ? data.results : [];
39
+ const lines = [];
40
+ if (data.answer)
41
+ lines.push(`**Answer:** ${data.answer}`, "");
42
+ for (const result of results) {
43
+ lines.push(`### ${result.title}`, result.url, "", result.content, "");
44
+ }
45
+ const content = lines.join("\n").trimEnd();
46
+ return {
47
+ content,
48
+ contentBlocks: [{ type: "text", text: content }],
49
+ details: {
50
+ query,
51
+ answer: data.answer,
52
+ results: results.map((result) => ({
53
+ title: result.title,
54
+ url: result.url,
55
+ })),
56
+ },
57
+ };
58
+ }
59
+ //# sourceMappingURL=web-search.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"web-search.js","sourceRoot":"","sources":["../../src/execution/web-search.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAcxC,SAAS,SAAS,CAAC,KAAc,EAAE,IAAY;IAC7C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,8BAA8B,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACnC,OAAO,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,aAAa,CACpB,MAA+B,EAC/B,YAAoB;IAEpB,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAClD,OAAO,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;AAC/D,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAA6B,EAC7B,OAA6B;IAE7B,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC7C,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IACnD,MAAM,MAAM,GACV,CAAC,MAAM,OAAO,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;IAEtE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,+FAA+F,CAChG,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,+BAA+B,EAAE;QAC5D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO,EAAE,MAAM;YACf,KAAK;YACL,WAAW,EAAE,UAAU;YACvB,cAAc,EAAE,IAAI;SACrB,CAAC;QACF,MAAM,EAAE,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC;KAC9C,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CACb,qBAAqB,QAAQ,CAAC,MAAM,IAAI,MAAM,QAAQ,CAAC,IAAI,EAAE,EAAE,CAChE,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmB,CAAC;IACvD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;IAEhE,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,IAAI,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;IAC9D,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,OAAO,MAAM,CAAC,KAAK,EAAE,EAAE,MAAM,CAAC,GAAG,EAAE,EAAE,EAAE,MAAM,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;IAE3C,OAAO;QACL,OAAO;QACP,aAAa,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAChD,OAAO,EAAE;YACP,KAAK;YACL,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;gBAChC,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,GAAG,EAAE,MAAM,CAAC,GAAG;aAChB,CAAC,CAAC;SACJ;KACF,CAAC;AACJ,CAAC"}
@@ -0,0 +1,3 @@
1
+ import type { ToolExecutionContext, ToolExecutionResult } from "../types.js";
2
+ export declare function executeWrite(args: Record<string, unknown>, context: ToolExecutionContext): Promise<ToolExecutionResult>;
3
+ //# sourceMappingURL=write.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"write.d.ts","sourceRoot":"","sources":["../../src/execution/write.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAK7E,wBAAsB,YAAY,CAChC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,mBAAmB,CAAC,CAc9B"}
@@ -0,0 +1,21 @@
1
+ import { mkdir } from "node:fs/promises";
2
+ import { dirname } from "node:path";
3
+ import { writeTextFileAtomically } from "./atomic-write.js";
4
+ import { withFileMutationQueue } from "./file-mutation-queue.js";
5
+ import { resolveToolPath } from "./path.js";
6
+ export async function executeWrite(args, context) {
7
+ const path = resolveToolPath(context.cwd, args.path);
8
+ if (typeof args.content !== "string")
9
+ throw new Error("Tool argument 'content' must be a string.");
10
+ return withFileMutationQueue(path, async () => {
11
+ await mkdir(dirname(path), { recursive: true });
12
+ await writeTextFileAtomically(path, args.content);
13
+ const content = `Wrote ${Buffer.byteLength(args.content, "utf8")} bytes.`;
14
+ return {
15
+ path,
16
+ content,
17
+ contentBlocks: [{ type: "text", text: content }],
18
+ };
19
+ });
20
+ }
21
+ //# sourceMappingURL=write.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"write.js","sourceRoot":"","sources":["../../src/execution/write.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,IAA6B,EAC7B,OAA6B;IAE7B,MAAM,IAAI,GAAG,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACrD,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ;QAClC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC/D,OAAO,qBAAqB,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChD,MAAM,uBAAuB,CAAC,IAAI,EAAE,IAAI,CAAC,OAAiB,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAG,SAAS,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,OAAiB,EAAE,MAAM,CAAC,SAAS,CAAC;QACpF,OAAO;YACL,IAAI;YACJ,OAAO;YACP,aAAa,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;SACjD,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC"}
@@ -0,0 +1,9 @@
1
+ import type { ToolDescriptor, ToolName, ToolRisk } from "@nervekit/shared";
2
+ export * from "./catalog/index.js";
3
+ export { appendBoundedTextNotice, type BoundedTextResult, boundContentBlocks, boundLiveOutputChunk, boundText, buildProcessResult, buildProcessTextResult, executeEdit, executeTool, FILE_OUTPUT_MAX_LINE_CHARS, LIVE_OUTPUT_MAX_BYTES, LIVE_OUTPUT_MAX_LINE_CHARS, LIVE_OUTPUT_MAX_LINES, MODEL_TEXT_MAX_BYTES, MODEL_TEXT_MAX_LINE_CHARS, MODEL_TEXT_MAX_LINES, normalizeEditArgs, PROCESS_INLINE_MAX_LINE_CHARS, type PythonRuntime, type PythonRuntimeStatus, resolvePythonRuntime, resolveToolPath, type TextBoundaryDetails, type TextBudget, ToolExecutionError, textBoundaryDetails, } from "./execution/index.js";
4
+ export { hasDangerousCommandPattern, hasShellControlOperator, isAllowedPlanModeBashCommand, isKnownReadOnlyCommand, isLikelyLongRunningCommand, } from "./safety/command-policy.js";
5
+ export * from "./types.js";
6
+ export declare const coreToolDescriptors: ToolDescriptor[];
7
+ export declare const allToolDescriptors: ToolDescriptor[];
8
+ export declare function toolRiskForName(name: ToolName): ToolRisk;
9
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAO3E,cAAc,oBAAoB,CAAC;AACnC,OAAO,EACL,uBAAuB,EACvB,KAAK,iBAAiB,EACtB,kBAAkB,EAClB,oBAAoB,EACpB,SAAS,EACT,kBAAkB,EAClB,sBAAsB,EACtB,WAAW,EACX,WAAW,EACX,0BAA0B,EAC1B,qBAAqB,EACrB,0BAA0B,EAC1B,qBAAqB,EACrB,oBAAoB,EACpB,yBAAyB,EACzB,oBAAoB,EACpB,iBAAiB,EACjB,6BAA6B,EAC7B,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,oBAAoB,EACpB,eAAe,EACf,KAAK,mBAAmB,EACxB,KAAK,UAAU,EACf,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,0BAA0B,EAC1B,uBAAuB,EACvB,4BAA4B,EAC5B,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,4BAA4B,CAAC;AACpC,cAAc,YAAY,CAAC;AAE3B,eAAO,MAAM,mBAAmB,EAAE,cAAc,EACV,CAAC;AAEvC,eAAO,MAAM,kBAAkB,EAAE,cAAc,EACV,CAAC;AAEtC,wBAAgB,eAAe,CAAC,IAAI,EAAE,QAAQ,GAAG,QAAQ,CAExD"}
package/dist/index.js ADDED
@@ -0,0 +1,11 @@
1
+ import { allToolDescriptorsFromDefinitions, coreToolDescriptorsFromDefinitions, coreToolRiskForName, } from "./catalog/index.js";
2
+ export * from "./catalog/index.js";
3
+ export { appendBoundedTextNotice, boundContentBlocks, boundLiveOutputChunk, boundText, buildProcessResult, buildProcessTextResult, executeEdit, executeTool, FILE_OUTPUT_MAX_LINE_CHARS, LIVE_OUTPUT_MAX_BYTES, LIVE_OUTPUT_MAX_LINE_CHARS, LIVE_OUTPUT_MAX_LINES, MODEL_TEXT_MAX_BYTES, MODEL_TEXT_MAX_LINE_CHARS, MODEL_TEXT_MAX_LINES, normalizeEditArgs, PROCESS_INLINE_MAX_LINE_CHARS, resolvePythonRuntime, resolveToolPath, ToolExecutionError, textBoundaryDetails, } from "./execution/index.js";
4
+ export { hasDangerousCommandPattern, hasShellControlOperator, isAllowedPlanModeBashCommand, isKnownReadOnlyCommand, isLikelyLongRunningCommand, } from "./safety/command-policy.js";
5
+ export * from "./types.js";
6
+ export const coreToolDescriptors = coreToolDescriptorsFromDefinitions();
7
+ export const allToolDescriptors = allToolDescriptorsFromDefinitions();
8
+ export function toolRiskForName(name) {
9
+ return coreToolRiskForName(name);
10
+ }
11
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,iCAAiC,EACjC,kCAAkC,EAClC,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAE5B,cAAc,oBAAoB,CAAC;AACnC,OAAO,EACL,uBAAuB,EAEvB,kBAAkB,EAClB,oBAAoB,EACpB,SAAS,EACT,kBAAkB,EAClB,sBAAsB,EACtB,WAAW,EACX,WAAW,EACX,0BAA0B,EAC1B,qBAAqB,EACrB,0BAA0B,EAC1B,qBAAqB,EACrB,oBAAoB,EACpB,yBAAyB,EACzB,oBAAoB,EACpB,iBAAiB,EACjB,6BAA6B,EAG7B,oBAAoB,EACpB,eAAe,EAGf,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,0BAA0B,EAC1B,uBAAuB,EACvB,4BAA4B,EAC5B,sBAAsB,EACtB,0BAA0B,GAC3B,MAAM,4BAA4B,CAAC;AACpC,cAAc,YAAY,CAAC;AAE3B,MAAM,CAAC,MAAM,mBAAmB,GAC9B,kCAAkC,EAAE,CAAC;AAEvC,MAAM,CAAC,MAAM,kBAAkB,GAC7B,iCAAiC,EAAE,CAAC;AAEtC,MAAM,UAAU,eAAe,CAAC,IAAc;IAC5C,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC"}
@@ -0,0 +1,2 @@
1
+ export declare function isBlockedGitInvocation(tokens: string[]): boolean;
2
+ //# sourceMappingURL=command-policy-git.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"command-policy-git.d.ts","sourceRoot":"","sources":["../../src/safety/command-policy-git.ts"],"names":[],"mappings":"AAgEA,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CA8ChE"}
@@ -0,0 +1,88 @@
1
+ import { hasAnyToken, normalizeCommandName, } from "./command-policy-wrappers.js";
2
+ function getGitSubcommandIndex(tokens) {
3
+ for (let i = 1; i < tokens.length; i++) {
4
+ const token = tokens[i];
5
+ if (token === "-C" ||
6
+ token === "-c" ||
7
+ token === "--git-dir" ||
8
+ token === "--namespace" ||
9
+ token === "--work-tree") {
10
+ i++;
11
+ continue;
12
+ }
13
+ if (token === "--bare" ||
14
+ token === "--no-pager" ||
15
+ token === "--paginate" ||
16
+ token.startsWith("--git-dir=") ||
17
+ token.startsWith("--namespace=") ||
18
+ token.startsWith("--work-tree=")) {
19
+ continue;
20
+ }
21
+ if (token.startsWith("-"))
22
+ continue;
23
+ return i;
24
+ }
25
+ return undefined;
26
+ }
27
+ const BLOCKED_GIT_SUBCOMMANDS = new Set([
28
+ "add",
29
+ "am",
30
+ "apply",
31
+ "bisect",
32
+ "checkout",
33
+ "cherry-pick",
34
+ "clean",
35
+ "clone",
36
+ "commit",
37
+ "fetch",
38
+ "gc",
39
+ "init",
40
+ "merge",
41
+ "mv",
42
+ "pull",
43
+ "push",
44
+ "rebase",
45
+ "reflog",
46
+ "reset",
47
+ "restore",
48
+ "revert",
49
+ "rm",
50
+ "stash",
51
+ "submodule",
52
+ "switch",
53
+ "tag",
54
+ "worktree",
55
+ ]);
56
+ export function isBlockedGitInvocation(tokens) {
57
+ const rootCommand = normalizeCommandName(tokens[0] ?? "");
58
+ if (rootCommand !== "git")
59
+ return false;
60
+ const subcommandIndex = getGitSubcommandIndex(tokens);
61
+ if (subcommandIndex === undefined)
62
+ return false;
63
+ const subcommand = tokens[subcommandIndex];
64
+ const args = tokens.slice(subcommandIndex + 1);
65
+ if (subcommand === "branch") {
66
+ return hasAnyToken(args, new Set(["-d", "-D", "-m", "-M", "--delete", "--move"]));
67
+ }
68
+ if (subcommand === "config") {
69
+ return !args.some((arg) => arg === "--get" ||
70
+ arg === "--get-all" ||
71
+ arg === "--get-regexp" ||
72
+ arg === "--list" ||
73
+ arg === "--name-only" ||
74
+ arg === "--show-origin" ||
75
+ arg === "-l");
76
+ }
77
+ if (subcommand === "diff") {
78
+ return args.some((arg) => arg === "--output" || arg.startsWith("--output="));
79
+ }
80
+ if (subcommand === "remote") {
81
+ const remoteAction = args.find((arg) => !arg.startsWith("-"));
82
+ return !(remoteAction === undefined ||
83
+ remoteAction === "get-url" ||
84
+ remoteAction === "show");
85
+ }
86
+ return BLOCKED_GIT_SUBCOMMANDS.has(subcommand);
87
+ }
88
+ //# sourceMappingURL=command-policy-git.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"command-policy-git.js","sourceRoot":"","sources":["../../src/safety/command-policy-git.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EACX,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AAEtC,SAAS,qBAAqB,CAAC,MAAgB;IAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,IACE,KAAK,KAAK,IAAI;YACd,KAAK,KAAK,IAAI;YACd,KAAK,KAAK,WAAW;YACrB,KAAK,KAAK,aAAa;YACvB,KAAK,KAAK,aAAa,EACvB,CAAC;YACD,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QACD,IACE,KAAK,KAAK,QAAQ;YAClB,KAAK,KAAK,YAAY;YACtB,KAAK,KAAK,YAAY;YACtB,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC;YAC9B,KAAK,CAAC,UAAU,CAAC,cAAc,CAAC;YAChC,KAAK,CAAC,UAAU,CAAC,cAAc,CAAC,EAChC,CAAC;YACD,SAAS;QACX,CAAC;QACD,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QACpC,OAAO,CAAC,CAAC;IACX,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC;IACtC,KAAK;IACL,IAAI;IACJ,OAAO;IACP,QAAQ;IACR,UAAU;IACV,aAAa;IACb,OAAO;IACP,OAAO;IACP,QAAQ;IACR,OAAO;IACP,IAAI;IACJ,MAAM;IACN,OAAO;IACP,IAAI;IACJ,MAAM;IACN,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,SAAS;IACT,QAAQ;IACR,IAAI;IACJ,OAAO;IACP,WAAW;IACX,QAAQ;IACR,KAAK;IACL,UAAU;CACX,CAAC,CAAC;AAEH,MAAM,UAAU,sBAAsB,CAAC,MAAgB;IACrD,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1D,IAAI,WAAW,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IAExC,MAAM,eAAe,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;IACtD,IAAI,eAAe,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAEhD,MAAM,UAAU,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,eAAe,GAAG,CAAC,CAAC,CAAC;IAE/C,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,WAAW,CAChB,IAAI,EACJ,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC,CACxD,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,IAAI,CACf,CAAC,GAAG,EAAE,EAAE,CACN,GAAG,KAAK,OAAO;YACf,GAAG,KAAK,WAAW;YACnB,GAAG,KAAK,cAAc;YACtB,GAAG,KAAK,QAAQ;YAChB,GAAG,KAAK,aAAa;YACrB,GAAG,KAAK,eAAe;YACvB,GAAG,KAAK,IAAI,CACf,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC,IAAI,CACd,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,UAAU,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,CAC3D,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9D,OAAO,CAAC,CACN,YAAY,KAAK,SAAS;YAC1B,YAAY,KAAK,SAAS;YAC1B,YAAY,KAAK,MAAM,CACxB,CAAC;IACJ,CAAC;IAED,OAAO,uBAAuB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;AACjD,CAAC"}
@@ -0,0 +1,6 @@
1
+ type SegmentBlocker = (tokens: string[]) => boolean;
2
+ export declare function hasGenericWriteOrLongRunningFlag(tokens: string[]): boolean;
3
+ export declare function isBlockedLongRunningInvocation(tokens: string[]): boolean;
4
+ export declare function isBlockedByCommandOptions(tokens: string[], isBlockedCommandSegment: SegmentBlocker): boolean;
5
+ export {};
6
+ //# sourceMappingURL=command-policy-options.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"command-policy-options.d.ts","sourceRoot":"","sources":["../../src/safety/command-policy-options.ts"],"names":[],"mappings":"AAKA,KAAK,cAAc,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC;AAsBpD,wBAAgB,gCAAgC,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAS1E;AAED,wBAAgB,8BAA8B,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAuBxE;AAED,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,MAAM,EAAE,EAChB,uBAAuB,EAAE,cAAc,GACtC,OAAO,CA6FT"}
@@ -0,0 +1,112 @@
1
+ import { hasAnyToken, normalizeCommandName, } from "./command-policy-wrappers.js";
2
+ const INTERPRETER_EVAL_COMMANDS = new Set([
3
+ "deno",
4
+ "node",
5
+ "perl",
6
+ "php",
7
+ "python",
8
+ "python3",
9
+ "ruby",
10
+ ]);
11
+ const GENERIC_WRITE_OR_LONG_RUNNING_FLAGS = new Set([
12
+ "--fix",
13
+ "--update-snapshot",
14
+ "--updateSnapshot",
15
+ "--watch",
16
+ "--watch-all",
17
+ "--watchAll",
18
+ "--write",
19
+ ]);
20
+ export function hasGenericWriteOrLongRunningFlag(tokens) {
21
+ return tokens.some((token) => {
22
+ if (GENERIC_WRITE_OR_LONG_RUNNING_FLAGS.has(token))
23
+ return true;
24
+ return (token.startsWith("--fix=") ||
25
+ token.startsWith("--watch=") ||
26
+ token.startsWith("--write="));
27
+ });
28
+ }
29
+ export function isBlockedLongRunningInvocation(tokens) {
30
+ const rootCommand = normalizeCommandName(tokens[0] ?? "");
31
+ if (["less", "more", "sleep", "top", "htop", "watch", "yes"].includes(rootCommand)) {
32
+ return true;
33
+ }
34
+ if (rootCommand === "tail") {
35
+ return tokens.some((token) => token === "-f" || token === "--follow");
36
+ }
37
+ if (rootCommand === "ping") {
38
+ return !tokens.some((token) => token === "-c" || token === "--count" || token.startsWith("-c"));
39
+ }
40
+ return false;
41
+ }
42
+ export function isBlockedByCommandOptions(tokens, isBlockedCommandSegment) {
43
+ const rootCommand = normalizeCommandName(tokens[0] ?? "");
44
+ if (hasGenericWriteOrLongRunningFlag(tokens))
45
+ return true;
46
+ if (rootCommand === "find" || rootCommand === "fd") {
47
+ return hasAnyToken(tokens, new Set([
48
+ "-X",
49
+ "-delete",
50
+ "-exec",
51
+ "-execdir",
52
+ "-ok",
53
+ "-okdir",
54
+ "-x",
55
+ "--exec",
56
+ "--exec-batch",
57
+ ]));
58
+ }
59
+ if ((rootCommand === "sed" || rootCommand === "perl") &&
60
+ tokens.some((token) => token === "-i" || token.startsWith("-i."))) {
61
+ return true;
62
+ }
63
+ if (rootCommand === "curl" || rootCommand === "wget") {
64
+ for (let i = 1; i < tokens.length; i++) {
65
+ const token = tokens[i];
66
+ if (token === "-O" ||
67
+ token === "-o" ||
68
+ token === "--output" ||
69
+ token === "--remote-name" ||
70
+ token.startsWith("-O") ||
71
+ token.startsWith("-o") ||
72
+ token.startsWith("--output=")) {
73
+ return true;
74
+ }
75
+ const requestMethod = token === "-X" || token === "--request"
76
+ ? tokens[i + 1]
77
+ : token.startsWith("-X")
78
+ ? token.slice(2)
79
+ : token.startsWith("--request=")
80
+ ? token.slice("--request=".length)
81
+ : undefined;
82
+ if (requestMethod &&
83
+ !["GET", "HEAD", "OPTIONS"].includes(requestMethod.toUpperCase())) {
84
+ return true;
85
+ }
86
+ if (token === "-d" ||
87
+ token === "-F" ||
88
+ token === "--data" ||
89
+ token === "--data-raw" ||
90
+ token === "--form" ||
91
+ token === "--post-data" ||
92
+ token.startsWith("--data=") ||
93
+ token.startsWith("--data-raw=") ||
94
+ token.startsWith("--form=") ||
95
+ token.startsWith("--post-data=")) {
96
+ return true;
97
+ }
98
+ }
99
+ }
100
+ if (INTERPRETER_EVAL_COMMANDS.has(rootCommand)) {
101
+ if (tokens.some((token) => token === "-c" || token === "-e" || token.startsWith("-e"))) {
102
+ return true;
103
+ }
104
+ const moduleIndex = tokens.indexOf("-m");
105
+ const moduleName = moduleIndex >= 0 ? tokens[moduleIndex + 1] : undefined;
106
+ if (moduleName === "pip" || moduleName === "pip3") {
107
+ return isBlockedCommandSegment(tokens.slice(moduleIndex + 1));
108
+ }
109
+ }
110
+ return false;
111
+ }
112
+ //# sourceMappingURL=command-policy-options.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"command-policy-options.js","sourceRoot":"","sources":["../../src/safety/command-policy-options.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,WAAW,EACX,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AAItC,MAAM,yBAAyB,GAAG,IAAI,GAAG,CAAC;IACxC,MAAM;IACN,MAAM;IACN,MAAM;IACN,KAAK;IACL,QAAQ;IACR,SAAS;IACT,MAAM;CACP,CAAC,CAAC;AAEH,MAAM,mCAAmC,GAAG,IAAI,GAAG,CAAC;IAClD,OAAO;IACP,mBAAmB;IACnB,kBAAkB;IAClB,SAAS;IACT,aAAa;IACb,YAAY;IACZ,SAAS;CACV,CAAC,CAAC;AAEH,MAAM,UAAU,gCAAgC,CAAC,MAAgB;IAC/D,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;QAC3B,IAAI,mCAAmC,CAAC,GAAG,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAChE,OAAO,CACL,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC;YAC1B,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC;YAC5B,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,CAC7B,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,8BAA8B,CAAC,MAAgB;IAC7D,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAE1D,IACE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,QAAQ,CAC/D,WAAW,CACZ,EACD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;QAC3B,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,UAAU,CAAC,CAAC;IACxE,CAAC;IAED,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;QAC3B,OAAO,CAAC,MAAM,CAAC,IAAI,CACjB,CAAC,KAAK,EAAE,EAAE,CACR,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAClE,CAAC;IACJ,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,MAAgB,EAChB,uBAAuC;IAEvC,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAE1D,IAAI,gCAAgC,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAE1D,IAAI,WAAW,KAAK,MAAM,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACnD,OAAO,WAAW,CAChB,MAAM,EACN,IAAI,GAAG,CAAC;YACN,IAAI;YACJ,SAAS;YACT,OAAO;YACP,UAAU;YACV,KAAK;YACL,QAAQ;YACR,IAAI;YACJ,QAAQ;YACR,cAAc;SACf,CAAC,CACH,CAAC;IACJ,CAAC;IAED,IACE,CAAC,WAAW,KAAK,KAAK,IAAI,WAAW,KAAK,MAAM,CAAC;QACjD,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EACjE,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,WAAW,KAAK,MAAM,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;QACrD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACxB,IACE,KAAK,KAAK,IAAI;gBACd,KAAK,KAAK,IAAI;gBACd,KAAK,KAAK,UAAU;gBACpB,KAAK,KAAK,eAAe;gBACzB,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;gBACtB,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;gBACtB,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC,EAC7B,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,aAAa,GACjB,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,WAAW;gBACrC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC;gBACf,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;oBACtB,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;oBAChB,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC;wBAC9B,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC;wBAClC,CAAC,CAAC,SAAS,CAAC;YACpB,IACE,aAAa;gBACb,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,WAAW,EAAE,CAAC,EACjE,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IACE,KAAK,KAAK,IAAI;gBACd,KAAK,KAAK,IAAI;gBACd,KAAK,KAAK,QAAQ;gBAClB,KAAK,KAAK,YAAY;gBACtB,KAAK,KAAK,QAAQ;gBAClB,KAAK,KAAK,aAAa;gBACvB,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC;gBAC3B,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC;gBAC/B,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC;gBAC3B,KAAK,CAAC,UAAU,CAAC,cAAc,CAAC,EAChC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,yBAAyB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/C,IACE,MAAM,CAAC,IAAI,CACT,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CACtE,EACD,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,UAAU,GAAG,WAAW,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC1E,IAAI,UAAU,KAAK,KAAK,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;YAClD,OAAO,uBAAuB,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}
@@ -0,0 +1,4 @@
1
+ export type SegmentBlocker = (tokens: string[]) => boolean;
2
+ export declare function isBlockedPackageManagerInvocation(tokens: string[], isBlockedCommandSegment: SegmentBlocker): boolean;
3
+ export declare function isBlockedSystemPackageManagerInvocation(tokens: string[]): boolean;
4
+ //# sourceMappingURL=command-policy-packages.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"command-policy-packages.d.ts","sourceRoot":"","sources":["../../src/safety/command-policy-packages.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,cAAc,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC;AAiI3D,wBAAgB,iCAAiC,CAC/C,MAAM,EAAE,MAAM,EAAE,EAChB,uBAAuB,EAAE,cAAc,GACtC,OAAO,CAoCT;AAED,wBAAgB,uCAAuC,CACrD,MAAM,EAAE,MAAM,EAAE,GACf,OAAO,CAST"}
@@ -0,0 +1,161 @@
1
+ import { hasGenericWriteOrLongRunningFlag } from "./command-policy-options.js";
2
+ import { normalizeCommandName } from "./command-policy-wrappers.js";
3
+ const PACKAGE_MANAGER_ROOTS = new Set([
4
+ "bun",
5
+ "cargo",
6
+ "corepack",
7
+ "gem",
8
+ "just",
9
+ "make",
10
+ "npm",
11
+ "npx",
12
+ "pip",
13
+ "pip3",
14
+ "pnpm",
15
+ "task",
16
+ "yarn",
17
+ ]);
18
+ const SYSTEM_PACKAGE_MANAGER_ROOTS = new Set([
19
+ "apt",
20
+ "apt-get",
21
+ "brew",
22
+ "dnf",
23
+ "yum",
24
+ ]);
25
+ const MUTATING_PACKAGE_SUBCOMMANDS = new Set([
26
+ "add",
27
+ "audit",
28
+ "autoclean",
29
+ "autoremove",
30
+ "ci",
31
+ "clean",
32
+ "create",
33
+ "dedupe",
34
+ "deploy",
35
+ "dist-upgrade",
36
+ "dlx",
37
+ "doctor",
38
+ "fix",
39
+ "i",
40
+ "import",
41
+ "init",
42
+ "install",
43
+ "link",
44
+ "pack",
45
+ "patch",
46
+ "patch-commit",
47
+ "prune",
48
+ "publish",
49
+ "purge",
50
+ "rebuild",
51
+ "release",
52
+ "remove",
53
+ "rm",
54
+ "set",
55
+ "set-script",
56
+ "unlink",
57
+ "uninstall",
58
+ "up",
59
+ "update",
60
+ "upgrade",
61
+ "version",
62
+ ]);
63
+ const PACKAGE_EXEC_SUBCOMMANDS = new Set(["exec"]);
64
+ const PACKAGE_OPTION_VALUE_FLAGS = new Set([
65
+ "--config",
66
+ "--dir",
67
+ "--filter",
68
+ "--global-dir",
69
+ "--prefix",
70
+ "--project",
71
+ "--registry",
72
+ "--store-dir",
73
+ "--workspace",
74
+ "-C",
75
+ "-F",
76
+ "-w",
77
+ ]);
78
+ function getPackageSubcommandIndex(tokens) {
79
+ for (let i = 1; i < tokens.length; i++) {
80
+ const token = tokens[i];
81
+ if (token === "--")
82
+ return undefined;
83
+ if (PACKAGE_OPTION_VALUE_FLAGS.has(token)) {
84
+ i++;
85
+ continue;
86
+ }
87
+ if (token.startsWith("--config=") ||
88
+ token.startsWith("--dir=") ||
89
+ token.startsWith("--filter=") ||
90
+ token.startsWith("--global-dir=") ||
91
+ token.startsWith("--prefix=") ||
92
+ token.startsWith("--project=") ||
93
+ token.startsWith("--registry=") ||
94
+ token.startsWith("--store-dir=") ||
95
+ token.startsWith("--workspace=")) {
96
+ continue;
97
+ }
98
+ if (token.startsWith("-"))
99
+ continue;
100
+ return i;
101
+ }
102
+ return undefined;
103
+ }
104
+ function nextNonOptionToken(tokens, startIndex) {
105
+ for (let i = startIndex; i < tokens.length; i++) {
106
+ const token = tokens[i];
107
+ if (token === "--")
108
+ continue;
109
+ if (token.startsWith("-"))
110
+ continue;
111
+ return token;
112
+ }
113
+ return undefined;
114
+ }
115
+ function isBlockedPackageScriptName(scriptName) {
116
+ const normalized = scriptName.toLowerCase();
117
+ return /(^|[:_-])(build|codegen|deploy|dev|fix|format|generate|install|preview|publish|release|serve|start|update|watch|write)([:_-]|$)/.test(normalized);
118
+ }
119
+ export function isBlockedPackageManagerInvocation(tokens, isBlockedCommandSegment) {
120
+ const rootCommand = normalizeCommandName(tokens[0] ?? "");
121
+ if (!PACKAGE_MANAGER_ROOTS.has(rootCommand))
122
+ return false;
123
+ if (rootCommand === "npx" || rootCommand === "corepack")
124
+ return true;
125
+ if (hasGenericWriteOrLongRunningFlag(tokens))
126
+ return true;
127
+ const subcommandIndex = getPackageSubcommandIndex(tokens);
128
+ if (subcommandIndex === undefined)
129
+ return false;
130
+ const subcommand = tokens[subcommandIndex];
131
+ const subcommandLower = subcommand.toLowerCase();
132
+ if (PACKAGE_EXEC_SUBCOMMANDS.has(subcommandLower)) {
133
+ const invoked = nextNonOptionToken(tokens, subcommandIndex + 1);
134
+ if (!invoked)
135
+ return false;
136
+ const invokedIndex = tokens.indexOf(invoked, subcommandIndex + 1);
137
+ return isBlockedCommandSegment(tokens.slice(invokedIndex));
138
+ }
139
+ if (subcommandLower === "run") {
140
+ const scriptName = nextNonOptionToken(tokens, subcommandIndex + 1);
141
+ return scriptName ? isBlockedPackageScriptName(scriptName) : false;
142
+ }
143
+ if (rootCommand === "pip" ||
144
+ rootCommand === "pip3" ||
145
+ rootCommand === "gem") {
146
+ return MUTATING_PACKAGE_SUBCOMMANDS.has(subcommandLower);
147
+ }
148
+ if (MUTATING_PACKAGE_SUBCOMMANDS.has(subcommandLower))
149
+ return true;
150
+ return isBlockedPackageScriptName(subcommandLower);
151
+ }
152
+ export function isBlockedSystemPackageManagerInvocation(tokens) {
153
+ const rootCommand = normalizeCommandName(tokens[0] ?? "");
154
+ if (!SYSTEM_PACKAGE_MANAGER_ROOTS.has(rootCommand))
155
+ return false;
156
+ const subcommandIndex = getPackageSubcommandIndex(tokens);
157
+ if (subcommandIndex === undefined)
158
+ return false;
159
+ return MUTATING_PACKAGE_SUBCOMMANDS.has(tokens[subcommandIndex].toLowerCase());
160
+ }
161
+ //# sourceMappingURL=command-policy-packages.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"command-policy-packages.js","sourceRoot":"","sources":["../../src/safety/command-policy-packages.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gCAAgC,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAIpE,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,KAAK;IACL,OAAO;IACP,UAAU;IACV,KAAK;IACL,MAAM;IACN,MAAM;IACN,KAAK;IACL,KAAK;IACL,KAAK;IACL,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;CACP,CAAC,CAAC;AAEH,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAC;IAC3C,KAAK;IACL,SAAS;IACT,MAAM;IACN,KAAK;IACL,KAAK;CACN,CAAC,CAAC;AAEH,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAC;IAC3C,KAAK;IACL,OAAO;IACP,WAAW;IACX,YAAY;IACZ,IAAI;IACJ,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,cAAc;IACd,KAAK;IACL,QAAQ;IACR,KAAK;IACL,GAAG;IACH,QAAQ;IACR,MAAM;IACN,SAAS;IACT,MAAM;IACN,MAAM;IACN,OAAO;IACP,cAAc;IACd,OAAO;IACP,SAAS;IACT,OAAO;IACP,SAAS;IACT,SAAS;IACT,QAAQ;IACR,IAAI;IACJ,KAAK;IACL,YAAY;IACZ,QAAQ;IACR,WAAW;IACX,IAAI;IACJ,QAAQ;IACR,SAAS;IACT,SAAS;CACV,CAAC,CAAC;AAEH,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;AAEnD,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC;IACzC,UAAU;IACV,OAAO;IACP,UAAU;IACV,cAAc;IACd,UAAU;IACV,WAAW;IACX,YAAY;IACZ,aAAa;IACb,aAAa;IACb,IAAI;IACJ,IAAI;IACJ,IAAI;CACL,CAAC,CAAC;AAEH,SAAS,yBAAyB,CAAC,MAAgB;IACjD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,KAAK,KAAK,IAAI;YAAE,OAAO,SAAS,CAAC;QACrC,IAAI,0BAA0B,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1C,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QACD,IACE,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC;YAC7B,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC;YAC1B,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC;YAC7B,KAAK,CAAC,UAAU,CAAC,eAAe,CAAC;YACjC,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC;YAC7B,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC;YAC9B,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC;YAC/B,KAAK,CAAC,UAAU,CAAC,cAAc,CAAC;YAChC,KAAK,CAAC,UAAU,CAAC,cAAc,CAAC,EAChC,CAAC;YACD,SAAS;QACX,CAAC;QACD,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QACpC,OAAO,CAAC,CAAC;IACX,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,kBAAkB,CACzB,MAAgB,EAChB,UAAkB;IAElB,KAAK,IAAI,CAAC,GAAG,UAAU,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAChD,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,KAAK,KAAK,IAAI;YAAE,SAAS;QAC7B,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QACpC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,0BAA0B,CAAC,UAAkB;IACpD,MAAM,UAAU,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IAC5C,OAAO,iIAAiI,CAAC,IAAI,CAC3I,UAAU,CACX,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iCAAiC,CAC/C,MAAgB,EAChB,uBAAuC;IAEvC,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1D,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,WAAW,CAAC;QAAE,OAAO,KAAK,CAAC;IAE1D,IAAI,WAAW,KAAK,KAAK,IAAI,WAAW,KAAK,UAAU;QAAE,OAAO,IAAI,CAAC;IACrE,IAAI,gCAAgC,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IAE1D,MAAM,eAAe,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAC1D,IAAI,eAAe,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAEhD,MAAM,UAAU,GAAG,MAAM,CAAC,eAAe,CAAC,CAAC;IAC3C,MAAM,eAAe,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IAEjD,IAAI,wBAAwB,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAClD,MAAM,OAAO,GAAG,kBAAkB,CAAC,MAAM,EAAE,eAAe,GAAG,CAAC,CAAC,CAAC;QAChE,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAC3B,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,eAAe,GAAG,CAAC,CAAC,CAAC;QAClE,OAAO,uBAAuB,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED,IAAI,eAAe,KAAK,KAAK,EAAE,CAAC;QAC9B,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,EAAE,eAAe,GAAG,CAAC,CAAC,CAAC;QACnE,OAAO,UAAU,CAAC,CAAC,CAAC,0BAA0B,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IACrE,CAAC;IAED,IACE,WAAW,KAAK,KAAK;QACrB,WAAW,KAAK,MAAM;QACtB,WAAW,KAAK,KAAK,EACrB,CAAC;QACD,OAAO,4BAA4B,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC3D,CAAC;IAED,IAAI,4BAA4B,CAAC,GAAG,CAAC,eAAe,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnE,OAAO,0BAA0B,CAAC,eAAe,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,uCAAuC,CACrD,MAAgB;IAEhB,MAAM,WAAW,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC1D,IAAI,CAAC,4BAA4B,CAAC,GAAG,CAAC,WAAW,CAAC;QAAE,OAAO,KAAK,CAAC;IAEjE,MAAM,eAAe,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAC1D,IAAI,eAAe,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAChD,OAAO,4BAA4B,CAAC,GAAG,CACrC,MAAM,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CACtC,CAAC;AACJ,CAAC"}
@@ -0,0 +1,11 @@
1
+ export type ParseEntry = string | {
2
+ op?: string;
3
+ comment?: string;
4
+ };
5
+ export declare function parseCommand(command: string): ParseEntry[] | null;
6
+ /** Detect $() and backtick command substitution outside single quotes. */
7
+ export declare function hasCommandSubstitution(command: string): boolean;
8
+ export declare function hasUnsafeConstructs(entries: ParseEntry[]): boolean;
9
+ export declare function hasUnsafeRedirects(entries: ParseEntry[]): boolean;
10
+ export declare function extractSegments(entries: ParseEntry[]): string[][];
11
+ //# sourceMappingURL=command-policy-parser.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"command-policy-parser.d.ts","sourceRoot":"","sources":["../../src/safety/command-policy-parser.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG;IAAE,EAAE,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAUpE,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU,EAAE,GAAG,IAAI,CAQjE;AAED,0EAA0E;AAC1E,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAmC/D;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,OAAO,CA0BlE;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,OAAO,CA6BjE;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,MAAM,EAAE,EAAE,CAmBjE"}